The insider threat has become one of the biggest threats in the realm of cybersecurity. Despite the amount of risk posed by insiders, corporate executives often lack the awareness of the threat to adequately address it.
That is why the Internet Security Alliance’s upcoming course on cybersecurity at the ABA Stonier Graduate Program at the University of Pennsylvania’s Wharton School will feature a new segment on insider threats.
“Although those of us in the cybersecurity field have long known that the insider threat is a major part of cyber-risk management, this emphasis is less apparent to the corporate executives outside the cyber discipline,” said ISA President Larry Clinton, who oversees the course. “We thought it was critical to bring in experienced industry executives to highlight the nature of this threat and illustrate how to address it.”
The insider threat unit is one of several new, specialized portions of the annual ISA executive cybersecurity course at the ABA Stonier School, which begins June 10. Gary McAlum, Chief Security Officer at USAA, and Adrian Peters, Chief Security Officer for the Bank of New York Mellon, have agreed to team-teach the unit on insider threats.
“Of all the cybersecurity risks that an organization has to deal with, the cyber insider threat is the most vexing challenge,” McAlum said. “Today’s trusted system administrator is tomorrow’s disgruntled employee with access to the organization’s crown jewels. It’s the most difficult risk to detect, and the potential damage can be catastrophic.”
Peters emphasized the criticality of this perspective given current attack methods.
“With the advancement of modern attack techniques and the continuous exploitation of end-users and their systems, the insider – knowing or unknowing – is now your biggest threat,” Peters said.
The insider threat unit of the Wharton program will be grounded in an examination of historic insider attacks, such as the Chelsea Manning attack and that at SunTrust Bank. The unit will also analyze a range of potential insiders including the careless worker, the inside agent, the disgruntled employee, the malicious insider, and the feckless third party.
McAlum and Peters will offer the Wharton students a range of techniques to address the threat including enterprise and operational controls to set the proper culture and tone from the top of the organization.
It is clear that the insider threat is a major concern that needs to be addressed in any enterprise risk-management plan — and it is critical that corporate executives have a full picture of the threat to take the right actions and boost security in their organization.